From 9a76adb348ad1930087196592a42d1260440a34c Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov
Date: Mon, 11 Nov 2019 22:27:50 +0300
Subject: [PATCH] Better removal of private keys
---
 kernel.spec | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/kernel.spec b/kernel.spec
index d5fd960..f151cd4 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -4,7 +4,7 @@
 %define sublevel 7
 # Release number. Increase this before a rebuild.
-%define rpmrel 7
+%define rpmrel 8
 %define fullrpmrel %{rpmrel}
 %define rpmtag %{disttag}
@@ -792,6 +792,21 @@ find . -name '.get_maintainer.ignore' | %kxargs rm -f
 %build
+# Ensure that build time generated private keys don't get published
+# as e.g. "RPM build root" on ABF!
+# Note that ABF sends SIGKILL to rpm-build.sh when the build is terminated;
+# in this case trap will not work, but RPM build root also will not be
+# saved because rpm-build.sh saves it, but it is SIGKILLed.
+# For best security we could store private keys in RAM (not reachable from
+# filesystem, so not in /tmp!) and override sth like fopen() by LD_PRELOAD
+# to give the content of keys from RAM when a virtual address of a key file
+# is accessed, but currently I don't know how to implement this (TODO: ).
+_cleanup(){ rm -fvr "%{certs_dir_rnd}" }
+# Make a trap to delete keys even if %%build fails in the middle
+trap "_cleanup" EXIT
 rm -rf %{temp_root}
 install -d %{temp_root}
@@ -998,6 +1013,7 @@ chmod +x tools/power/cpupower/utils/version-gen.sh
 %make -C tools/power/cpupower CPUFREQ_BENCH=false
 %endif
+_cleanup
 ############################################################################
 %install
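Review bot: `rm -fvr "%{certs_dir_rnd}"` inside `_cleanup` depends on rpm expanding the macro before the %build shell runs; if `certs_dir_rnd` is undefined at that point, rpm leaves the literal text `%{certs_dir_rnd}` in the script and the rm silently removes nothing, so the keys survive in exactly the case this commit is meant to cover. A fail-closed guard placed just before the function, `%{!?certs_dir_rnd:%{error:certs_dir_rnd is undefined}}`, turns that into a build error instead of a leaked key. The `-v` flag also prints every deleted key file name into the build log; names only, not contents, but nothing needs them there, so `rm -fr` is sufficient. The definition of `certs_dir_rnd` is outside this hunk, so the guard is worth adding wherever the macro is assumed to exist.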
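Review bot: The `_cleanup` call added just before `%install` deletes `%{certs_dir_rnd}` at the end of %build, whereas the removal this commit drops from the end of %install (last hunk) left the key available during %install; if modules are signed at `modules_install` time (which is what CONFIG_MODULE_SIG_ALL does in the kernel's Makefile.modinst) or `scripts/sign-file` is run from %install, that step now executes without its key and either fails or ships unsigned modules. Please confirm every consumer of the signing key runs inside %build; otherwise keep an explicit `_cleanup` at the end of %install and rely on the %build EXIT trap for the failure path only. Note also that the trap belongs to the %build shell alone, so nothing in this patch cleans up when %install fails; a second `trap "_cleanup" EXIT` at the top of %install (with `_cleanup` redefined there, since shell functions do not carry over between sections) would close that gap. The body of %install is outside this hunk.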
@@ -1087,7 +1103,3 @@ install -m644 %{SOURCE53} %{buildroot}%{_unitdir}/cpupower.path
 install -m644 %{SOURCE51} %{buildroot}%{_sysconfdir}/sysconfig/cpupower
 install -m755 %{SOURCE52} %{buildroot}%{_bindir}/cpupower-start.sh
 %endif
-
-# Ensure that build time generated private keys don't get published
-# as e.g. "RPM build root" on ABF!
-rm -fvr "%{certs_dir_rnd}"